Friday, December 06, 2013

software is a "good" but California claims still fail

In 2006, hackers infiltrated Symantec’s network and stole
the source code used in the 2006 versions of its antivirus etc. products.
Symantec allegedly knew this, but neither performed a reasonable investigation
into the breach nor informed consumers. Haskins bought Symantec’s Norton
Antivirus software online in late 2007 or early 2008.She alleged that she was exposed to
Symantec’s claims on its website that Norton Antivirus provided computer, data,
and email security by, inter alia, blocking viruses and spyware, that she
bought the product unaware that it was compromised and believing that it would
protect her, and that had she known the truth she wouldn’t have bought the
product.“In 2012, a hacking group
publicly claimed to possess the 2006 stolen source code and posted certain code
on the internet, and Symantec disclosed for the first time that its systems
had been breached in 2006 and the source code stolen.”

The court first found that Rule 9(b) applied to the UCL and
CLRA claims.Haskins identified specific
statements on Symantec’s website and in its ads, e.g., the products are
supposed to “secure and manage ... information against more risks” and
“eliminate risks to information, technology and processes....”Symantec argued that this was insufficient
because she failed to identify any specific ad she saw and relied on, and that
these statements were mere puffery.

Haskins did identify specific statements in ads, and
appended the relevant documents.Also, Tobacco II said that plaintiffs can
sometimes state a UCL claim without showing that they viewed any particular ad
where misrepresentations were part of an extensive, longterm ad campaign.If a plaintiff can prevail at trial without
showing that she saw any specific ad, Rule 9(b) shouldn’t have a higher
standard; that would turn Rule 9(b) from a procedural rule to a substantive
one.

Even named class members can have standing without proof
they saw a specific ad under Tobacco II,
but that case offers a narrow exception to the general rule where the
defendants engaged in decades-long saturation advertising.Here, Haskins based her allegations on ads 2006-2012,
while purchasing in 2007/2008.To have
standing, she’d have to allege that she was in a Tobacco II situation, and also that the long-term ad campaign to
which she was exposed affected her purchase decision. This complaint didn’t,
though the court would allow her to amend.

Symantec also argued that the claims were mostly
nonactionable puffery.But that
apparently conceded that some of the claims weren’t.Plus, even statements that might be puffery
standing alone can in context contribute to deception and be actionable.But the court accepted Symantec’s argument
that Haskins didn’t provide enough explanation of what was false.Though she attached the ads she was attacking
and therefore Symantec was on notice, she still didn’t “set forth what is false
or misleading about a statement, and why it is false” with sufficient
particularity—she appended “nearly the entirety of Symantec’s 2006–12
advertisements for, and website descriptions of, the Products.” Even claims for
fraud by omission need to identify the information Symantec communicated “that
was rendered misleading by the failure to disclose the 2006 source code theft.”Her burden was to “at least make a prima
facie explanation of how each of the complained-of statements constitute
fraud.”Thus, the complaint was
dismissed, but the court went on to address a few other issues in case she
filed an amended complaint.

Haskins needed to show injury to have standing under the
UCL; that can come from paying more than she would otherwise have been willing
to pay because the product was not as advertised.Symantec argued that she didn’t have standing
because she didn’t allege that she viewed any specific ad or representation,
but this didn’t necessarily matter under Tobacco
II.If she could win at trial on a
long-term ad campaign theory, her economic injury is the purchase that wouldn’t
have occurred but for the misrepresentation.Likewise, on a motion to dismiss, such harm would at least plausibly
ground a claim of “unfair” business practices, as well as fraudulent ones.The same theory would give her CLRA standing.

Symantec argued that software wasn’t “goods” or “services”
covered by the CLRA. The court disagreed, in a brief but pithy discussion.Goods are “tangible chattels bought or leased
for use primarily for personal, family, or household purposes.” Symantec argued that (1) because Haskins
downloaded the software, it wasn’t a tangible chattel, and (2) all software is
outside the CLRA even if purchased on disk.The CLRA’s language is from 1970. “It seems unlikely that the Legislature
knowingly exempted computer software from the CLRA’s scope two years before the
invention of Pong.”More likely, the
legislature meant to exempt credit and insurance from the scope of the law,
“since those commodities are inherently intangible promises which have no
direct and concrete impact on the physical universe.”

Of course, that reasoning wouldn’t justify expanding the
statute beyond its terms.But “tangible”
means “[h]aving or possessing physical form; corporeal.” Symantec’s software is
often purchased in physical form, as other “goods” are; other intangibles
aren’t. Plus, even downloaded, “it works a physical change on a physical hard
drive. It possesses corporeal form in a way that credit or insurance inherently
cannot.”

Symantec argued that the disk was irrelevant, “nothing but a
physical mechanism for delivering a nonphysical right to use intangible
software.”That was slicing the salami
too thinly.A book is a “tangible
chattel,” despite being “merely a delivery mechanism for the transmission of
information.”By contrast, insurance
contracts and credit cards aren’t delivery mechanisms, but physical
representations of an intangible agreement.“Consumers do not purchase software discs or books to memorialize or
prove the existence of an agreement; they purchase the objects to possess and
use them. As a physical object purchased for a consumer’s use, a software disc
is a tangible chattel.”

Though it was a close call, the court deferred to the
CLRA’s own instruction to construe the statute liberally.At least where there’s a physical version,
construing the statute to cover only the in-store version wouldn’t be a liberal
construction.

Creative Commons/disclaimer

Text on this blog is licensed under a Creative Commons Attribution 2.5 License. Pictures and works quoted may be subject to other parties' copyrights.
I speak for myself. On this blog, I do not and cannot speak for Georgetown Law, the Organization for Transformative Works and/or AO3.